Resources.md

Introductory guide to mobile app testing

• OWASP Mobile Application Security Testing Guide

Set up for Dynamic analysis

• How to setup BurpSuite and SSL pinning for dynamic analysis.
  • Setting up your testing ground using a VM
  • Setting up your testing ground using a physical phone

Checklist

• A checklist for mobile app pentest. Contains both Android and IOS. It's actually much more than a checklist. Fell free to have a look.
  • MobApp checklist

Checking API keys

• When analysing static applications, you can come across API keys, especially Google API keys. This is a resource to help you check these keys.
  • keyhacks

Cheatsheet

• Cheatsheet for commands
  • Cheatsheet repo
  • Cheatsheet repo2. Don't forget to check out the MobSF tool, really useful for static analysis.

Miscellanous

• A resource on tampering with Android Cordova apps.
  • https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58
• A tool that helped me during certain situation. It is an HTTP proxy interceptor to analyse HTTP requests and responses.
  • https://httptoolkit.com/